Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/13 12:0 a.m.5 views

Liferay Portal 7.4.x < 7.4.3.132 Cross-Site Scripting

Liferay Portal versions 7.4.x prior to 7.4.3.132 and DXP versions prior to 2024.Q1.13 or 2024.Q2 prior to 2024.Q4.6 are affected by a Cross-Site Scripting allowing an remote non-authenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app-manager-web. No source da...

6.9CVSS6.6AI score0.03446EPSS
Exploits0References2
Veracode
Veracode
added 2025/05/12 9:33 a.m.10 views

Cross-site Scripting (XSS)

com.liferay:com.liferay.marketplace.app.manager.web is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization due to failure to properly escape user-supplied input in the Marketplace App Manager Web module, allowing injection of JavaScript by unauthenticat...

6.9CVSS6.8AI score0.03446EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/05/06 6:30 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the iconURL parameter in the marketplace-app-manager-web module. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise truste...

7.2CVSS5.3AI score0.03446EPSS
Exploits0References2
OSV
OSV
added 2025/05/06 6:30 p.m.11 views

GHSA-P2F8-VQ4R-GQG3 Liferay Portal Reflected XSS in marketplace-app-manager-web

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated...

6.9CVSS5.6AI score0.03446EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/06 6:30 p.m.15 views

Liferay Portal Reflected XSS in marketplace-app-manager-web

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated...

6.9CVSS5.7AI score0.03446EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/05/06 6:15 p.m.6 views

CVE-2025-4388

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated...

6.1CVSS5.9AI score0.03446EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/28 6:18 a.m.8 views

SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification

Overview SNKRDUNK Market Place App for iOS provided SODA, Inc. is vulnerable to improper server certificate verification CWE-295. Okazawa Yoshihiro of Cryptography Laboratory , Information and Communication Engineering ,Graduate School of Engineering , Tokyo Denki University reported this...

7.4CVSS6.5AI score0.0047EPSS
Exploits0References5
Rows per page
Query Builder